Just as privacy remains front page news, it remains a subject of bi-partisan interest on Capitol Hill. This entry briefly describes (1) the oversight role Congressional committees are performing when privacy makes the news; (2) the establishment of a new Senate Judiciary Committee privacy subcommittee chaired by Senator Al Franken (D-MN); (3) the expected legislation to be introduced in the Senate; (4) the bills that have landed in the House and the other proposals expected there; (5) the focus on amendments to ECPA and CALEA; and (6) the continuing innovations in state legislatures. In short, a two minute read on the state of privacy in the legislative branch.
Monthly Archives: February 2011
HHS Imposes a $4.3 Million Civil Monetary Penalty For Violations of the HIPAA Privacy Rule
Today the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) imposed a civil monetary penalty (CMP) in the amount of $4.3 million on Cignet Health for violations of the HIPAA Privacy Rule. This represents the first CMP imposed by HHS for HIPAA privacy violations. When Congress enacted the HITECH law in [...]
Upcoming Webinars on Privacy Developments in Washington and Data Security Breach Notification Laws
Two webinars, one afternoon. On Thursday, February 24, Hogan Lovells Privacy and Information Management Practice Director Chris Wolf will participate in a BNA webinar (along with Senior Governmental Affairs Advisor Nancy Granese of Hogan Lovells and Jules Polonetsky of the Future of Privacy Forum) on privacy developments in Washington, and an Experian webinar on data security breach notification laws (along with Reed Freeman of Morrison & Foerster and Tony Hadley of Experian). Both pay-to-view programs are open for sign-up now.
Supreme Court Defers on Constitutional Right to Information Privacy; Scalia Predicts Increased Litigation
On January 19, the Supreme Court decided NASA v. Nelson, a case brought by NASA contractors alleging that questions asked by the federal agency in a background check violated their constitutional right to information privacy — i.e., a constitutional privacy interest in the government “avoiding the disclosure of personal matters” recognized in a pair of 1977 cases, Whalen v. Roe and Nixon v. Administrator of General Services. At issue were questions that asked whether the contractors received “any treatment or counseling” regarding illegal drug use within the previous year (as a follow up to a question regarding whether they used, possessed, supplied or manufactured illegal drugs within that year), and questions directed toward references for information bearing on “suitability for government employment or security clearance,” including “adverse information” about the contractor’s “honesty or trustworthiness,” “violations of the law,” “financial integrity,” “abuse of alcohol and/or drugs,” “mental or emotional stability,” “general behavior or conduct,” or “other matters.”
NIST Issues Guidance on Cloud Computing Privacy and Security Requirements for Federal Agencies
Recent guidance from the National Institute of Standards and Technology (“NIST”) encourages federal agencies to take advantage of cloud computing. It also provides draft security and privacy guidelines for federal agencies to follow when engaging cloud providers. The draft guidelines serve as roadmaps for how to negotiate meaningful privacy and data security protections from cloud providers. Though prepared for federal agencies, the draft guidelines could prove influential to the private sector as an increasing number of private businesses use cloud services. NIST has requested comments on the drafts by no later than February 28, 2011.
FTC Posts Guidance for Providers and Insurers on Medical Identity Theft
Shining a new spotlight on health data breaches, the Federal Trade Commission recently posted a frequently asked questions guide to medical identity theft for health care providers and insurers. Medical identity theft occurs when one person obtains health care services or prescription drugs using the identity of someone else, or when those working in a health care provider setting [...]
The EU officially has recognized Israel as having adequate protection for personal data, permitting cross-border transfers
By decision of 31 January 2011 (2011/61/EU), the European Commission has now formally recognized Israel as a country which provides an adequate level of protection of personal data, permitting cross-border transfers.
Cisco Privacy Site Features Hogan Lovells Cloud Compliance Primer
Cisco has launched a Privacy and Security Compliance Journey web site with a variety of useful materials and resources. Hogan Lovells is pleased to have its primer on legal issues in Cloud Computing, including privacy and data security concerns, as the first featured content on the Cisco site. A link to the primer is contained in this blog entry.